Method and device for protecting data communication

The invention relates to a method and a device for protecting data
communication traffic between a first communication station and a second
communication station, in which the data is dispatched according to a data
protocol from the second to the first communication station. In particular,
data communication links are protected which can be accessed by third
parties by means of public and/or private data and telecommunication
infrastructure.

Appliances are found to an increasing extent on the market which are
provided with an option which makes it possible to provide so-called remote
service. This involves, in particular, installed fax equipment, network fax
equipment, telephone modems, cable modems, combined fax/modem
configurations, telephone sets, answering machines, telephone exchanges,
copying machines, washing machines and other domestic, industrial and
business appliances which can communicate with one another via the said
infrastructures. This concerns appliances installed on their own as well as
in combination with other equipment. This remote service, also known as
"remote diagnostics" or "remote maintenance", was developed in order to be
able to provide support to the (end) users of the equipment in a flexible
and inexpensive manner.

Remote service, referred to hereinafter as RDS ("Remote Diagnostics"),
makes it possible to subject the appliance concerned to an analysis via the
said infrastructure from the location of the supplier or another service
point. In a number of cases it is even possible for the service engineer to
carry out minor repairs remotely. If it turns out that the repair must
nevertheless be carried out at the location of the appliance, the
maintenance engineer or technician concerned can be sent out with the
correct parts. After all, RDS has already established what is wrong with
the appliance and what measures have to be taken to remedy the fault.

The functionality of RDS can comprise many advanced options:

- Reading out the various counter readings; by interpreting the counter
readings it can be determined when a service is due.

- Switching the optical and acoustic signals on and off in, for example, a
fax machine; this makes it possible to analyse the appliance remotely
without disturbing the immediate surroundings.

- Reading out a list of fax/telephone numbers; if (service) telephone
numbers change, they can be altered remotely.

- Reading out a fax journal; the journal usually contains the error codes
of the most recently sent fax messages, which technical support can use for
analysing the equipment.

- Manipulating the fax memory; intended to offer a last resort for clearing
the memory if this is not possible in the prescribed manner.

- Changing the configuration settings; as a service, the appliance can be
configured remotely according to the customer's wishes.

- Adding forwarding numbers; the service centre can then itself inspect any
corrupted faxes and deduce from them the possible cause of the fault.

Although the functionality mentioned is focused on fax equipment, a
comparable functionality may be present in the other equipment mentioned
above. The RDS functionality may in principle comprise any functionality
relating to operations on the memories (RAM, ROM, EEPROM) present in the
appliance.

Many manufacturers of data communication devices make use of so-called
custom chipsets (standard integrated circuits produced in large numbers) or
house hardware that is produced in large numbers and supplied to many
manufacturers in their own casing. The manufacturer's specifications will
in many cases describe only the functions desired by the manufacturer. It
is therefore possible for (RDS) functionality to be present in custom
chipsets or hardware without being made known to the end user.

In the present information society, knowledge is power. Information is of
course well protected by means of all kinds of physical and organisational
security measures. Documents may, for example, be seen only by a select
group of persons, after which they are stored safely in the safe. For the
sake of rapid decision-making and refreshing of the information position,
consultation will often take place by telephone, frequent use being made of
the fax machine to send each other the documents to be discussed. Here lies
a weak point in the entire security chain. In essence, the documents
concerned are made available to third parties, which is precisely what is
meant to be prevented. These third parties, who may have direct business
interests or operate in the world of information brokerage, can obtain
valuable information. This can even happen without the owner of that
sensitive information having any indication at all until it is too late.
The industrial spy then turns out to be very close indeed and is, of all
things, working together with the person who has protected his own
information by every means.

A fax machine, for example, has RDS functionality, whether or not known to
the end user, and can consequently be manipulated by a third party. This
third party can, for example, ensure that the fax machine concerned
responds to certain fax numbers and/or fax identification numbers. When
faxes are sent to and/or received from those fax numbers, the fax machine
will, for example, send an extra copy to the fax number specified by that
third party. The user of the fax machine, however, notices nothing of this,
because the optical and acoustic signals can be switched off, the so-called
fax forwarding number need not appear in the list of fax forwarding numbers
and the fax journal need not record this action either. If necessary, a
copy of the fax concerned is sent only during the night hours, when nobody
is present in the company.

In the case of a network fax or a modem fax incorporated in a network
system within a company, it is conceivable that a third party obtains
access to the network system via this fax or this modem. As a result, it
could be possible to extract information in the manner described above from
the network system that was assumed to be secure as well.

The object of the present invention is to provide a method and a device for
protecting data communication traffic, in order to prevent third parties
from making use unnoticed of functionality present in a communication
station.

According to the invention, this object is achieved by means of a method of
the type defined in the preamble, characterised by the steps of comparing
the data protocol with at least one standardised protocol and forwarding to
the first communication station only data whose data protocol complies with
the at least one standardised protocol.

Repetitions of commands, or certain combinations of commands, each of which
in itself belongs to the standardised protocol but which do not lead to
normal, effective data communication traffic, are deemed not to belong to
the standardised protocol. It is, after all, possible that such repetitions
or combinations of commands are used to switch on certain RDS
functionality.

Before, for example in the case of a fax machine, documents can be received
and/or sent, the appliances at both ends of the communication link have to
inform each other of the status they are in. After this so-called
"handshake" procedure, the exchange of information is matched to each
other. Both appliances are now ready and will carry out the desired task.
This procedure and the exchange of information proceed in accordance with
internationally established standards, also called protocols, some of which
are laid down in the so-called ISO, ETSI and ANSI standards, or in
regulations of the ITU.

Before, during or after the "handshake" procedure, a check can be made for
the presence of certain RDS functionality. For the use of RDS
functionality, a manufacturer will use protocols that are not (entirely)
included in the standards. This means that the use of a so-called exotic
protocol may indicate the use of RDS functionality. In any case it
indicates that the other party is not adhering to the standard protocols.
Disregarding the standard gives an indication that the connection made is
being used in a different way from that intended by the user.

By applying the method according to the invention, an attempt by a third
party to switch on (hidden) RDS functionality from outside will not
succeed, as a result of which the chance that information can leak away via
the communication equipment used becomes considerably smaller.

Because, according to the invention, the data protocol is compared with
standardised protocols, the method according to the invention can be used
worldwide.

In one embodiment of the method according to the invention, the user of a
communication station is warned if, when the data protocol is compared, it
is found that it does not belong to a known standardised protocol. As a
result, the user is warned of an attempt by a third party to manipulate his
communication station, whereupon the user can take action immediately.

In a further embodiment of the method according to the invention, the
connection is broken if, when the data protocol is compared, it is found
that it does not belong to a standardised protocol. The consequence of this
is that any attempt by a third party to manipulate the communication
station will not succeed.

In a preferred embodiment of the method according to the invention, after
it has been established that the data protocol does not belong to a
particular standardised protocol, a data file containing data on the data
communication traffic and the second communication station is created. By
recording these data, the user is enabled to obtain as complete a picture
as possible of the user of the second communication station, after which
appropriate measures can be taken.

Another aspect of the invention provides a device suitable for carrying out
the method according to the invention. To this end, the device is provided
with memory means for storing data characteristics of a standardised
protocol and comparison/forwarding means for comparing the stored data
characteristics with the data protocol and forwarding to the first
communication station only data whose data protocol complies with the at
least one standardised protocol.

With the device according to the invention it is possible to apply the
abovementioned method in a data communication environment. An advantage of
the device according to the invention is that the user can determine for
himself, irrespective of the make and type of appliance, whether RDS
functionality is permitted. Because the device can be used separately from
the local communication station, there is no need, when purchasing the
local communication station, to pay attention to any RDS functionality that
may be present.

Owing to the small number of components required, it is possible to
manufacture the device so that it is compact, light and robust, and to
adapt it to the situation in which it is used. Furthermore, the operation
and connection of the device are simple.

The memory means are preferably constructed as ROM memory. As a result, it
is not possible for the contents of the memory means to be manipulated
during use, while it remains simple to adapt the device to the latest
standardised protocols by exchanging the ROM memory.

In one embodiment of the device, the device further comprises warning
means. When data is detected whose data protocol does not comply with the
at least one standardised protocol, the user is warned, for example by
visual and/or acoustic warning means. As a result, the user will always be
warned if an attempt is made to manipulate the first communication station,
even if an attempt is made in the process to switch off indications of the
first communication station.

A further embodiment of the device according to the invention comprises
display means, connected to the comparison/forwarding means, the display
means displaying data concerning the data communication traffic and the
second communication station which has been stored after it has been found,
when the data protocol is compared, that it does not comply with the at
least one standardised protocol. This can be implemented, for example, as a
display screen on the device itself.

In addition, in a further embodiment the device may be provided with input
means, connected to the comparison/forwarding means, for entering commands
relating to the display of the data.

An alternative embodiment of the invention is to provide it with interface
means instead of the display means and/or the input means. These interface
means provide for the exchange with an external processing device of data
concerning the data communication traffic and the second communication
station, which data has been stored after it has been found, when the data
protocol is compared, that it does not comply with the at least one
standardised protocol. This processing device may, for example, be a
computer, with which the data can be further processed and displayed.

By means of the display of these data, the user is enabled to obtain as
complete a picture as possible of the attempt to manipulate the local
communication station, after which appropriate measures can be taken.

According to one embodiment of the invention, the device can be integrated
with the local communication station.

The method and the device according to the invention will now be explained
further with reference to the drawings.

Fig. 1 shows a diagram of an embodiment according to the invention; and

Fig. 2 shows the flow chart of the method according to the invention.

Fig. 1 shows a diagram of a preferred embodiment according to the
invention, in which the device 10 for protecting data communication traffic
is connected to a first communication station 11 and a second communication
station 12. The device 10 comprises comparison/forwarding means 15 which
can communicate with both the first 11 and the second 12 communication
station during operation. The device 10 further comprises memory means 14,
connected to the comparison/forwarding means 15. In the preferred
embodiment of the invention shown, the device 10 further comprises warning
means 16, display means 17 and input means 18, all connected to the
comparison/forwarding means 15. The communication stations 11 and 12 may,
for example, be fax or copying machines provided with RDS functionality.

The characteristics of data communication according to at least one
standardised protocol are stored in the memory means 14. The
comparison/forwarding means 15 serve to compare the data protocol of data
which the second communication station 12 wishes to send to the first
communication station 11 and to forward to the local communication station
11 only data whose data protocol complies with the at least one
standardised protocol.

In the preferred embodiment shown, the device 10 also comprises warning
means 16, which give a warning after it has been found, when the data
protocol is compared, that it does not comply with the at least one
standardised protocol. The figure indicates that the warning means 16 are
constructed as a warning lamp. It is, however, possible to use other visual
or acoustic warning means for this purpose.

In the preferred embodiment of the invention shown, the device 10 also
comprises display means 17 for displaying data concerning the data
communication traffic and the second communication station 12 which has
been stored after it has been found, when the data protocol is compared,
that it does not comply with the at least one standardised protocol. The
device further comprises input means 18 for entering commands relating to
the display of the data. It is, for example, possible to enter commands to
display only a certain part of the data on the display means.

In an embodiment of the invention which is not shown, the device 10
comprises, instead of the display means 17 and input means 18, interface
means which can be connected to an external processing device. This
processing device may, for example, be a computer, with which the data can
be further processed, stored and displayed.

Fig. 2 shows the flow chart of the method according to the invention. The
method begins with the reception of data from the second communication
station 12 in block 1. In decision block 2, the data protocol of the data
received in block 1 is compared with the standardised protocol. If the data
protocol complies with the at least one standardised protocol, the data is
passed on to the first communication station 11 in forwarding block 3. The
method then returns to block 1 in order to check the further data received.

If the data protocol does not comply with the at least one standardised
protocol, the method continues the procedure in warning block 4, in which
the user is warned. The next step in the procedure consists of interruption
block 6, in which the connection to the second communication station is
broken. In parallel with warning block 4 and interruption block 6, in a
preferred embodiment of the method according to the invention a data file
is stored in block 5, in which data on the data communication traffic and
the second communication station is stored.

With the method and device for protecting data communication traffic shown
in the figures, an attempt by a third party to switch on (hidden)
functionality from outside will not succeed, as a result of which the
chance that information can leak away via the communication equipment used
becomes considerably smaller.
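
The flow of Fig. 2 (blocks 1 to 6), together with the rule that excessive repetitions or abnormal combinations of otherwise standard commands count as non-compliant, sketched in Python as an added example that is not code from the patent. The command names, the transition table and the repeat limits are hypothetical stand-ins for the protocol characteristics stored in memory means 14.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for the protocol characteristics held in memory
# means 14. Command names and transitions are hypothetical and are not
# taken from any real standard; a real device would hold the profile of
# the standardised protocol it protects.
ALLOWED_NEXT = {
    "START":  {"HELLO"},
    "HELLO":  {"HELLO", "CAPS"},   # a retransmitted HELLO is normal ...
    "CAPS":   {"ACCEPT"},
    "ACCEPT": {"PAGE"},
    "PAGE":   {"PAGE", "END"},
    "END":    set(),
}
MAX_REPEAT = {"HELLO": 3, "PAGE": 64}  # ... but only this many in a row


@dataclass
class Verdict:
    forwarded: list = field(default_factory=list)  # frames that reached station 11
    warned: bool = False                           # warning block 4
    record: Optional[dict] = None                  # data file, block 5
    disconnected: bool = False                     # interruption block 6


class ProtectionDevice:
    """Sits in the path between station 12 (remote) and station 11 (local)."""

    def __init__(self, allowed_next=ALLOWED_NEXT, max_repeat=MAX_REPEAT):
        self.allowed_next = allowed_next
        self.max_repeat = max_repeat
        self.state = "START"
        self.repeats = 0

    def violation(self, command):
        """Decision block 2: return a reason if non-compliant, else None."""
        if command not in self.allowed_next:
            return "command is not part of the standard profile"
        if command not in self.allowed_next[self.state]:
            return f"{command} is not a valid successor of {self.state}"
        run = self.repeats + 1 if command == self.state else 1
        if run > self.max_repeat.get(command, 1):
            return f"{command} repeated {run} times in a row"
        self.state, self.repeats = command, run
        return None

    def handle_call(self, remote_id, frames):
        """Run one call from the remote station through blocks 1 to 6."""
        self.state, self.repeats = "START", 0
        verdict = Verdict()
        for index, (command, payload) in enumerate(frames):   # block 1
            reason = self.violation(command)                   # block 2
            if reason is None:
                verdict.forwarded.append((command, payload))   # block 3
                continue
            # The offending frame is dropped here, before station 11 sees it.
            verdict.warned = True                              # block 4
            verdict.record = {                                 # block 5
                "remote_id": remote_id,
                "frame_index": index,
                "command": command,
                "reason": reason,
                "forwarded_before": len(verdict.forwarded),
            }
            verdict.disconnected = True                        # block 6
            break
        return verdict


# Constructed sample calls from station 12, as (command, payload) frames.
NORMAL_CALL = [("HELLO", b""), ("CAPS", b"\x01"), ("ACCEPT", b""),
               ("PAGE", b"p1"), ("PAGE", b"p2"), ("END", b"")]
EXOTIC_CALL = [("HELLO", b""), ("CAPS", b"\x01"), ("VENDOR_DIAG", b"\x7f")]
REPEAT_CALL = [("HELLO", b"")] * 4 + [("CAPS", b"\x01")]

if __name__ == "__main__":
    for name, call in [("normal", NORMAL_CALL), ("exotic", EXOTIC_CALL),
                       ("repeat", REPEAT_CALL)]:
        v = ProtectionDevice().handle_call("remote-station-12", call)
        print(name, len(v.forwarded), v.disconnected, v.record)
```

Because the check runs before forwarding, the first non-compliant frame never reaches station 11; the record keeps what the operator needs to review the attempt afterwards.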

By warning the user and recording data concerning the data communication
traffic and the second communication station 12, the user is enabled to
obtain as complete a picture as possible of the user of the second
communication station, after which appropriate measures can be taken.

An advantage of the device described is that the user can determine for
himself, irrespective of the make and type of appliance, whether RDS
functionality is permitted. Because the device can be used separately from
the first communication station, there is no need, when purchasing the
first communication station, to pay attention to any RDS functionality that
may be present. The device 10 can, of course, also be physically
incorporated in the first communication station 11. In that case the
comparison/forwarding means 15 can form an integral part of a processor
present in the first communication station 11.

Because the data protocol of the received data is compared with
standardised protocols, the method according to the invention can be used
worldwide.

Owing to the small number of components required, it is possible to
manufacture the device so that it is compact, light and robust, and to
adapt it to the situation in which it is used. Furthermore, the operation
and connection of the device are simple.

If the memory means are constructed as ROM memory, it is not possible for
the contents of the memory means 14 to be manipulated during use, while it
remains simple to adapt the device to the latest standardised protocols by
exchanging the ROM memory.

Although the device has been described for protecting data communication
traffic between two communication stations, it is of course also possible
to protect the data communication traffic between several communication
stations, such as, for example, in a network environment.
Claims

1. Method for protecting data communication traffic between a first
communication station (11) and a second communication station (12), in
which the data is dispatched according to a data protocol from the second
to the first communication station, characterised by the following steps:

(i) comparing the data protocol with at least one standardised protocol;

(ii) forwarding to the first communication station (11) only data whose
data protocol complies with the at least one standardised protocol.

2. Method according to claim 1, characterised in that, after it has been
found when comparing the data protocol that it does not comply with the at
least one standardised protocol, a warning is generated.

3. Method according to claim 1 or 2, characterised in that, after it has
been found when comparing the data protocol that it does not comply with
the at least one standardised protocol, the data communication traffic is
interrupted.

4. Method according to one of the preceding claims, characterised in that,
after it has been found when comparing the data protocol that it does not
comply with the at least one standardised protocol, a data file containing
data on the data communication traffic and the second communication station
(12) is stored.

5. Device for protecting data communication traffic between a first
communication station (11) and a second communication station (12), in
which data is dispatched according to a data protocol from the second to
the first communication station, characterised in that the device (10)
comprises:

- memory means (14) in which data characteristics of at least one
standardised protocol are stored;

- comparison/forwarding means (15) for comparing the stored data
characteristics with the data protocol and forwarding to the first
communication station (11) only data whose data protocol complies with the
at least one standardised protocol.

6. Device according to claim 5, characterised in that the device further
comprises warning means (16), connected to the comparison/forwarding means
(15), which give a warning after it has been found, when comparing the data
protocol, that it does not belong to the at least one standardised
protocol.

7. Device according to claim 5 or 6, characterised in that the device
further comprises display means (17), connected to the
comparison/forwarding means (15), the display means (17) displaying data
concerning the data communication traffic and the second communication
station (12), which data has been stored after it has been found, when
comparing the data protocol, that it does not comply with the at least one
standardised protocol.

8. Device according to claim 7, characterised in that the device further
comprises input means (18), connected to the comparison/forwarding means
(15), for entering commands relating to the display of the data.

9. Device according to claim 5 or 6, characterised in that the device
comprises interface means for exchanging with an external processing device
data concerning the data communication traffic and the second communication
station (12), which data has been stored after it has been found, when
comparing the data protocol, that it does not comply with the at least one
standardised protocol.

10. Device according to one of claims 5 to 9, characterised in that the
device (10) is integrated in the first communication station (11).
Abstract

The invention relates to a method and a device for protecting data
communication traffic between a first communication station (11) and a
second communication station (12), in which the data is dispatched
according to a data protocol from the second to the first communication
station. The method comprises the steps of comparing the data protocol with
at least one standardised protocol and forwarding to the first
communication station (11) only data whose data protocol complies with the
at least one standardised protocol.

The device (10) comprises to this end memory means (14) in which data
characteristics of at least one standardised protocol are stored and
comparison/forwarding means (15) which compare the stored data
characteristics with the data protocol and forward only data whose data
protocol complies with the at least one standardised protocol.
I. Basis of the report

1. This report has been drawn on the basis of (substitute sheets which have been furnished to the receiving Office in
response to an invitation under Article 14 are referred to in this report as "originally filed" and are not annexed to
1-9 as received on 17/01/2000 with letter of 14/01/2000

Drawings, sheets: 

1/1 as originally filed 

1. Statement
2. Citations and explanations
see separate sheet 

VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 

see separate sheet 
INTERNATIONAL PRELIMINARY International application No. PCT/NL98/00581

V. Reasoned statement under Article 35 (2) (N, IS, IA)

The following document has been considered for the purposes of this report:
D1 = US-A-5,124,984



The present application relates to a method (claim 1) and a device (independent claim 
4) for protecting data communication traffic through a communication link. 

Document D1 (considered as the closest prior art) describes an access controller for 
communication networks which monitors the data packets transmitted between 
stations, determines when an improper type of access is being made and either 
destroys the packet or transmits one or more packets which cause the termination or 
alteration of the communication between two stations. 

The problem with the prior art is that some packets might reach the receiving station 
before the termination mechanism can end the data communication. 

The solution of the invention, as set out in the two independent claims, is a data 
protection method and a device wherein data sent from a first station to a second 
station pass through the device, said device forwarding the data to the second station 
only if the data complies with a standardised protocol. 

This principle is neither disclosed nor rendered obvious by the available prior art. The 
subject-matter of independent claims 1 and 4, and dependent claims 2, 3 and 5 to 9 
involves an inventive step and the mentioned claims are therefore considered to meet 
the requirements of Article 33 PCT with regard to novelty, inventive step and industrial 
applicability. 

VIII. Certain observations on the international application 

Independent claim 8 does not meet the requirements of Article 6 PCT for the reasons 
set out below: 
The expression 'providing the data communication protection device in the
communication link' is unclear. It appears to be meant that the protection device is part
of the physical path between the communication stations and, in that sense, a clearer
expression should have been used.
Method and device for protecting data communication

The invention relates to a method and a device for protecting data communication
traffic through a communication link between a first communication station and a second
communication station, in which the data is dispatched according to a data protocol from the
second communication station to the first communication station, comprising the steps of (i)
receiving the data from the second communication station in a data communication protection
device and (ii) comparing the data protocol of the data with at least one standardised protocol in the
data communication protection device. In particular, data communication links are protected
which can be seized by third parties by means of public and/or private data and
telecommunication infrastructure.

Furthermore, the present invention relates to a data communication protection
device arranged for protecting data communication traffic between a first communication station
and a second communication station, data being dispatched according to a data protocol from the
second communication station to the first communication station, the data communication
protection device comprising memory means for storing data characteristics of at least one
standardised protocol, the data communication protection device further being arranged for
comparing the data protocol of the data with the at least one standardised protocol.

Such a method and device are known from US-A-5,124,984, which discloses a 
method for protecting data communication traffic between a first communication station and a 
second communication station, in which the data is dispatched according to a data protocol from 
the second to the first communication station, in which the data protocol is compared with at least 
one standardised protocol and data is forwarded to the first communication station only when the 
data protocol complies with the at least one standardised protocol. The disclosed method and 
system are directed to data networks, the network interconnecting a number of stations and a 
network access controller. The network access controller is connected to the network and listens in 
on the data traffic on the network. The network access controller checks the content of each data 
package sent on the network and determines whether the packet is of an authorised type. It relies on 
control mechanisms present in the protocol that is being used in order to terminate communications 
between specific stations. It is disclosed that the network access controller 16 is not part of the 
physical path between communication stations. 

Appliances are found to an increasing extent on the market which are provided 
with an option which makes it possible to provide so-called remote service. This involves, 
in particular, installed fax equipment, network fax equipment, telephone modems, cable 
modems, combined fax/modem configurations, telephone sets, answering machines, 
telephone exchanges, copying machines, washing machines and other domestic, industrial 
appliances and operating appliances which can communicate with one another via the said 
infrastructures. This relates to appliances which are installed separately and also in 
combination with other equipment. This remote service, also known as "remote 
diagnostics" or "remote maintenance", has been developed in order to be able to deliver a 
flexible and cheap method of support to the (end) users of the equipment. 

Remote service, furthermore referred to as RDS ("Remote Diagnostics") 
makes it possible to subject the respective appliance to an analysis via the said 
infrastructure from the location of the supplier or another service point. In a number of 
cases, it is even possible for the service engineer to be able to carry out small repairs 
remotely. If it emerges that repair has nevertheless to be carried out at the location of the 
appliance, the respective maintenance engineer or technician can be sent out with the 
correct components. Specifically, it is already known via RDS what is wrong with the 
appliance and what measures have to be taken to remedy the fault. 

The functionality of RDS may comprise many advanced options: 

- The reading-out of the various counter positions; when a service is necessary 
  can be determined by interpreting the counter positions. 
- The switching-on and switching-off of the visual and audible signals, for 
  example, in the case of a fax machine; as a result it is possible to analyse the 
  appliance remotely without disturbing the immediate environment. 
- The reading-out of a fax/telephone number list; in the event of an alteration of 
  (service) telephone numbers, these can be altered remotely. 
- The reading-out of a fax log; the log usually contains the error codes of the last 
  fax messages sent and these can be used by the technical support for the 
  purpose of analysing the appliance. 
- The manipulation of the fax memory; this is intended to offer a final possibility 
  for erasing the memory if this is not possible by means of the prescribed 
  manner. 
- The alteration of the configuration settings; as a service, the appliance can be 
  configured remotely in accordance with the wishes of the client. 
- The adding of connecting-through numbers; the service centre can then 
  examine any damaged faxes itself and infer therefrom what the possible cause 
  of the fault is. 

Although the functionality mentioned is concentrated on fax machines, a comparable 
functionality may be present in the other equipment mentioned above. The RDS 
functionality can, in principle, comprise all the functionality which relates to operations 
concerning the memories (RAM, ROM, EEPROM) present in the appliance. 



Many manufacturers of data communication devices make use of so-called 
custom chip sets (standard integrated circuits produced in large numbers) or accommodate 
hardware produced in large numbers and delivered to many manufacturers in a separate 
housing. The specifications of the manufacturer will, in many cases, describe only the 
functions desired by the manufacturer. It is therefore possible that (RDS) functionality is 
present in custom chip sets or hardware which is not made known to the end user. 

In the modern information society, knowledge is power. Information is, of 
course, well protected by means of physical and organizational protection measures of all 
kinds. Documents may, for example, be seen only by a select group of individuals, after 
which they are securely stored in the safe. For the purpose of rapid decision-making and 
refreshing the information situation, consultation will often be made by telephone, in 
which case use is frequently made of the fax machine to transmit the documents to be 
discussed to one another. It is here that there is a weak point in the entire security chain. 
Essentially, the respective documents are made available to third parties, the intention 
being precisely to avoid that. Said third parties, who possibly have direct business interests 
or operate in the world of information brokerage, may acquire possession of valuable 
information. This may take place even without the owner of the sensitive information even 
having any indication until it is too late. The industrial spy therefore appears to be very 
near at hand and works, it is to be noted, together with the individual who has protected his 
own information with every means. 

A fax machine has, for example, RDS functionality, whether this is known to 
the end user or not, and can thereby be manipulated by a third party. Said third party can 
ensure, for example, that the respective fax machine responds to certain fax numbers 
and/or fax identification numbers. During the transmission and/or reception of faxes 
from/to these fax numbers, the fax machine will transmit, for example, an additional copy 
to the fax number specified by said third party. The user of the fax machine does not, 
however, notice anything in this case because the visual and audible signals can be 
switched off, the so-called fax through-connection number does not have to figure in the 
list of fax through-connection numbers and even the fax log does not have to report this 
operation. If necessary, a copy of the fax involved is transmitted only during the night 
hours when no-one is present in the company. 

In the case of a network fax or a modem fax incorporated in a network system 
within a company, it is conceivable that a third party obtains access via said fax or said 
modem to the network system. As a result, it might be possible also to extract information 
in the manner mentioned above from the network system, which is believed to be safe. 

The object of the present invention is to provide a method and a device for 
protecting data communication traffic in order to prevent third parties being able to make 
unnoticed use of functionality present in a communication station. 

According to the invention, the object is achieved by means of a method of the type 
defined in the introduction, characterized by the steps of (iii) providing the data 
communication protection device in the communication link, the data from the second 
communication station to the first communication station passing through the data communication 
protection device and (iv) forwarding data of which the data protocol complies with the at least one 
standardised protocol from the data communication protection device to the first communication 
station, and not forwarding data of which the data protocol does not comply with the at least one 
standardised protocol from the data communication protection device to the first communication 
station. 

Repetitions of commands, or certain combinations of commands, which each 
belong per se to the standardized protocol but do not lead to normal, effective data 
communication traffic, are deemed not to belong to the standardized protocol. Specifically, 
it is possible that such repetitions or combinations of commands are used to switch on 
certain RDS functionality. 

Before a fax machine, for example, can proceed to the reception and/or 
transmission of documents, the appliances at both ends of the communication link have to 
inform one another about the status they are in. After this so-called "handshake" procedure, 
the information exchange is mutually adapted. Both appliances are now ready and will 
carry out the desired task. This procedure and the information exchange proceeds 
according to internationally specified standards, also referred to as protocols, which are 
specified in part in the so-called ISO, ETSI and ANSI standards or in the ITU regulations. 
Before, during or after the "handshake" procedure, a check can take place on the presence 
of certain RDS functionality. To use RDS functionality, a manufacturer will use protocols 
which are not (entirely) incorporated in the standards. This means that the use of a 
so-called exotic protocol can indicate the use of RDS functionality. It indicates in any case 
that the other party is not adhering to the standard protocols. The negation of the standard 
indicates that the link made is being used in a manner other than that which the user 
intended. 

As a result of using the method according to the invention, an attempt of a 
third party to switch on (concealed) RDS functionality from the outside will be 
unsuccessful, as a result of which the probability that information can leak out via the 
communication equipment used becomes substantially smaller. 

Because, according to the invention, the data protocol is compared with 
standardized protocols, the method according to the invention can be used worldwide. 

In an embodiment of the method according to the invention, the user of a 
communication station is warned if it emerges during the comparison of the data protocol 
that the latter does not belong to a known standardized protocol. As a result, the user is 
warned of an attempt of a third party to manipulate his communication station, whereupon 
the user can take direct action. 

In a further embodiment of the method according to the invention, the link is 
interrupted if it emerges during the comparison of the data protocol that the latter does not 
belong to a standardized protocol. This has the result that any attempt to manipulate the 
communication station by a third party will be unsuccessful. 

In a preferred embodiment of the method according to the invention, after 
ascertaining that the data protocol does not belong to a certain standardized protocol, a data 
file containing data of the data communication traffic and the second communication 
station is prepared. As a result of recording said data, the user is enabled to obtain as 
complete a picture as possible of the user of the second communication station, after which 
appropriate measures can be taken. 
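
The method of steps (iii) and (iv), together with the repetition rule and the warning, interruption and logging embodiments described above, can be modelled as a stateful allowlist filter. The following Python sketch is an added example, not code from the patent; the command names, the transition table and the repetition limits are constructed for illustration and do not correspond to any real fax standard.

```python
from dataclasses import dataclass, field
from types import MappingProxyType

# Constructed toy protocol (hypothetical command names, not a real standard).
# state -> {command: (next_state, max_consecutive_repeats)}
# MappingProxyType makes the table read-only, mirroring the ROM "memory means".
STANDARD = MappingProxyType({
    "IDLE": MappingProxyType({"HELLO": ("HANDSHAKE", 1)}),
    "HANDSHAKE": MappingProxyType({
        "HELLO": ("HANDSHAKE", 3),   # a bounded number of handshake retries
        "CAPS": ("READY", 1),
    }),
    "READY": MappingProxyType({
        "PAGE": ("READY", 500),      # many pages in a row are normal traffic
        "END": ("IDLE", 1),
    }),
})


@dataclass
class Incident:
    """One record of the 'data file' kept about non-compliant traffic."""
    station: str
    state: str
    command: str
    reason: str


@dataclass
class ProtectionDevice:
    """Sits in the link: everything from the second station passes through it."""
    forwarded: list = field(default_factory=list)   # what reaches the first station
    incidents: list = field(default_factory=list)   # stored data about violations
    warnings: list = field(default_factory=list)    # stands in for the warning means
    link_up: bool = True
    _state: str = "IDLE"
    _last: str = ""
    _run: int = 0

    def receive(self, station, command, payload=b""):
        """Return True if the frame was forwarded to the first station."""
        if not self.link_up:
            return False                             # link already interrupted
        rule = STANDARD[self._state].get(command)
        if rule is None:
            return self._reject(station, command,
                                "command not in standard for this state")
        next_state, max_run = rule
        run = self._run + 1 if command == self._last else 1
        if run > max_run:
            # Each command is valid per se, but the repetition is not normal traffic.
            return self._reject(station, command,
                                "repetition beyond normal traffic")
        self._state, self._last, self._run = next_state, command, run
        self.forwarded.append((command, payload))
        return True

    def _reject(self, station, command, reason):
        self.incidents.append(Incident(station, self._state, command, reason))
        self.warnings.append(f"non-standard traffic from {station}: {command}")
        self.link_up = False                         # interrupt the link
        return False


def filter_session(station, frames):
    """Feed one session of (command, payload) frames through a fresh device."""
    device = ProtectionDevice()
    for command, payload in frames:
        device.receive(station, command, payload)
    return device


# Constructed sample sessions.
NORMAL = [("HELLO", b""), ("CAPS", b"\x01"), ("PAGE", b"p1"),
          ("PAGE", b"p2"), ("END", b"")]
EXOTIC = [("HELLO", b""), ("CAPS", b"\x01"), ("VENDOR_DIAG", b"\xff"),
          ("PAGE", b"p1")]
REPEAT = [("HELLO", b"")] * 5 + [("CAPS", b"\x01")]

if __name__ == "__main__":
    for name, frames in (("normal", NORMAL), ("exotic", EXOTIC), ("repeat", REPEAT)):
        dev = filter_session("station-12", frames)
        print(name, len(dev.forwarded), "forwarded;", dev.incidents)
```

A plain per-command allowlist would pass the `REPEAT` session; the per-state repetition limit is what catches it.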

Another aspect of the invention provides a device suitable for carrying out 
the method according to the invention as defined in the preamble of claim 4. For this 
purpose, the device is further provided with a first link for linking the data communication 
protection device to the first communication station, and a second link for linking the data 
communication protection device to the second communication station, the data passing from the 
second communication station to the first communication station through the data communication 
protection device and comparison/forwarding means for forwarding data received through the 
second link of which the data protocol complies with the at least one standardised protocol from the 
data communication protection device through the first link, and not forwarding data of which the 
data protocol does not comply with the at least one standardised protocol from the data 
communication protection device through the first link. 

With the device according to the invention, it is possible to use the 
abovementioned method in a data communication environment. An advantage of the 
device according to the invention is that the user can determine himself, regardless of the 
brand and type of appliance, whether RDS functionality is permitted. Because the device 
can be used separately from the local communication station, there is no need to pay 
attention to any RDS functionality present when purchasing the local communication 
station. 

As a result of the small number of components required, it is possible to 
manufacture the device in a compact, lightweight and robust form and to adapt it to the 
situation in which it is used. Furthermore, the operation and the connection of the device 
are simple. 

Preferably, the memory means are designed as a ROM memory. As a result, it 
is impossible for the contents of the memory means to be manipulated during use, but it is 
still simple to adapt the device to the latest standardized protocols by replacing the ROM 
memory. 

In an embodiment of the device, the device furthermore comprises warning 
means. If data is detected of which the data protocol does not comply with the at least one 
standardized protocol, the user is warned, for example by visual and/or audible warning 
means. As a result, the user will always be warned if an attempt is made to manipulate the 
first communication station, even if an attempt is made in these circumstances to switch off 
indications of the first communication station. 

A further embodiment of the device according to the invention comprises 
display means linked to the comparison/forwarding means, the 

1. Method for protecting data communication traffic through a communication link 
between a first communication station (11) and a second communication station (12), in 
which the data is dispatched according to a data protocol from the second communication 
station to the first communication station, comprising the steps of: 

(i) receiving the data from the second communication station (12) in a data 
communication protection device (10); 

(ii) comparing the data protocol of the data with at least one standardised protocol in 
the data communication protection device (10), characterised by 

(iii) providing the data communication protection device (10) in the communication 
link, the data from the second communication station (12) to the first communication 
station (11) passing through the data communication protection device (10); and 

(iv) forwarding data of which the data protocol complies with the at least one 
standardised protocol from the data communication protection device (10) to the first 
communication station (11), and not forwarding data of which the data protocol does not 
comply with the at least one standardised protocol from the data communication protection 
device to the first communication station. 



2. Method according to Claim 1, characterized in that, after it has emerged during the 
comparison of the data protocol that the latter does not comply with the at least one 
standardized protocol, a warning is generated. 

3. Method according to one of the preceding claims, characterized in that, after it has 
emerged during the comparison of the data protocol that the latter does not comply with the 
at least one standardized protocol, a data file containing data of the data communication 
traffic and the second communication station (12) is stored. 



4. Data communication protection device (10) arranged for protecting data 
communication traffic between a first communication station (11) and a second 
communication station (12), data being dispatched according to a data protocol from the 
second communication station to the first communication station, the data communication 
protection device comprising memory means (14) for storing data characteristics of at least 
one standardised protocol, the data communication protection device (10) further being 
arranged for comparing the data protocol of the data with the at least one standardised 
protocol, characterised in that the data communication protection device (10) further 
comprises 

- a first link for linking the data communication protection device (10) to the first 
communication station (11), and a second link for linking the data communication 
protection device (10) to the second communication station (12), the data passing from the 
second communication station to the first communication station through the data 
communication protection device; 

- comparison/forwarding means (15) for forwarding data received through the 
second link of which the data protocol complies with the at least one standardised protocol 
from the data communication protection device (10) through the first link, and not 
forwarding data of which the data protocol does not comply with the at least one 
standardised protocol from the data communication protection device (10) through the first 
link. 


5. Data communication device according to Claim 4, characterized in that the device 
furthermore comprises warning means (16) linked to the comparison/forwarding means 
(15) which give a warning after it has emerged during the comparison of the data protocol 
that it does not belong to the at least one standardized protocol. 


6. Device according to Claim 4 or 5, characterized in that the device furthermore 
comprises display means (17) linked to the comparison/forwarding means (15), the display 
means (17) displaying data relating to the data communication traffic and the second 
communication station (12), which data are stored after it has emerged during the 
comparison of the data protocol that the latter does not comply with the at least one 
standardized protocol. 



7. Device according to Claim 6, characterized in that the device furthermore 
comprises input means (18) linked to the comparison/forwarding means (15) for inputting 
commands relating to the display of the data. 

8. Device according to Claim 4 or 5, characterized in that the device comprises 
interface means for exchanging data relating to the data communication traffic and the 
second communication station (12) with an external processing device, which data are 
stored after it has emerged during the comparison of the data protocol that the latter does 
not comply with the at least one standardized protocol. 

9. Device according to one of Claims 4 to 8, characterized in that the device (10) is 
integrated in the first communication station (11). 

(57) Abstract 

The invention relates to a method and a device for protecting data communication traffic between a first communication station 
(11) and a second communication station (12), in which the data is dispatched according to a data protocol from the second to the first 
and the forwarding only of data of which the data protocol complies with the at least one standardized protocol to the first communication 
station (11). For this purpose, the device (10) comprises memory means (14) in which data characteristics of at least one standardized 
protocol have been stored and comparison/forwarding means (15) which compare the stored data characteristics with the data protocol and 
forward only data of which the data protocol complies with the at least one standardized protocol. 

The invention relates to a method and a device for protecting 
data communication traffic between a first communication station and a 
second communication station, in which the data is dispatched according 
to a data protocol from the second to the first communication station. In 
particular, data communication links are protected which can be seized by 
third parties by means of public and/or private data and 
telecommunication infrastructure. 

Appliances are found to an increasing extent on the market 
which are provided with an option which makes it possible to provide 
so-called remote service. This involves, in particular, installed fax 
equipment, network fax equipment, telephone modems, cable modems, 
combined fax/modem configurations, telephone sets, answering machines, 
telephone exchanges, copying machines, washing machines and other 
domestic, industrial appliances and operating appliances which can 
communicate with one another via the said infrastructures. This relates 
to appliances which are installed separately and also in combination with 
other equipment. This remote service, also known as "remote diagnoses" 
or "remote maintenance" has been developed in order to be able to deliver 
a flexible and cheap method of support to the (end) users of the 
equipment. 

Remote service, furthermore referred to as RDS ("Remote 
Diagnostics") makes it possible to subject the respective appliance to an 
analysis via the said infrastructure from the location of the supplier or 
another service point. In a number of cases, it is even possible for the 
service engineer to be able to carry out small repairs remotely. If it 
emerges that repair has nevertheless to be carried out at the location of 
the appliance, the respective maintenance engineer or technician can be 
sent out with the correct components. Specifically, it is already known 
via RDS what is wrong with the appliance and what measures have to be 
taken to remedy the fault. 

The functionality of RDS may comprise many advanced options: 

- The reading-out of the various counter positions; when a 
  service is necessary can be determined by interpreting the 
  counter positions. 
- The switching-on and switching-off of the visual and audible 
  signals, for example, in the case of a fax machine; as a result 
  it is possible to analyse the appliance remotely without 
  disturbing the immediate environment. 
- The reading-out of a fax/telephone number list; in the event of 
  an alteration of (service) telephone numbers, these can be 
  altered remotely. 
- The reading-out of a fax log; the log usually contains the 
  error codes of the last fax messages sent and these can be used 
  by the technical support for the purpose of analysing the 
  appliance. 
- The manipulation of the fax memory; this is intended to offer a 
  final possibility for erasing the memory if this is not 
  possible by means of the prescribed manner. 
- The alteration of the configuration settings; as a service, the 
  appliance can be configured remotely in accordance with the 
  wishes of the client. 
- The adding of connecting-through numbers; the service centre 
  can then examine any damaged faxes itself and infer therefrom 
  what the possible cause of the fault is. 

Although the functionality mentioned is concentrated on fax machines, a 
comparable functionality may be present in the other equipment mentioned 
above. The RDS functionality can, in principle, comprise all the 
functionality which relates to operations concerning the memories (RAM, 
ROM, EEPROM) present in the appliance. 

Many manufacturers of data communication devices make use of 
so-called custom chip sets (standard integrated circuits produced in 
large numbers) or accommodate hardware produced in large numbers and 
delivered to many manufacturers in a separate housing. The specifications 
of the manufacturer will, in many cases, describe only the functions 
desired by the manufacturer. It is therefore possible that (RDS) 
functionality is present in custom chip sets or hardware which is not 
made known to the end user. 

In the modern information society, knowledge is power. 
Information is, of course, well protected by means of physical and 
organizational protection measures of all kinds. Documents may, for 
example, be seen only by a select group of individuals, after which they 
are securely stored in the safe. For the purpose of rapid decision-making 
and refreshing the information situation, consultation will often be made 
by telephone, in which case use is frequently made of the fax machine to 
transmit the documents to be discussed to one another. It is here that 
there is a weak point in the entire security chain. Essentially, the 
respective documents are made available to third parties, the intention 
being precisely to avoid that. Said third parties, who possibly have 
direct business interests or operate in the world of information 
brokerage, may acquire possession of valuable information. This may take 
place even without the owner of the sensitive information even having any 
indication until it is too late. The industrial spy therefore appears to 
be very near at hand and works, it is to be noted, together with the 
individual who has protected his own information with every means. 

A fax machine has, for example, RDS functionality, whether this 
is known to the end user or not, and can thereby be manipulated by a 
third party. Said third party can ensure, for example, that the 
respective fax machine responds to certain fax numbers and/or fax 
identification numbers. During the transmission and/or reception of faxes 
from/to these fax numbers, the fax machine will transmit, for example, an 
additional copy to the fax number specified by said third party. The user 
of the fax machine does not, however, notice anything in this case 
because the visual and audible signals can be switched off, the so-called 
fax through-connection number does not have to figure in the list of fax 
through-connection numbers and even the fax log does not have to report 
this operation. If necessary, a copy of the fax involved is transmitted 
only during the night hours when no-one is present in the company. 

In the case of a network fax or a modem fax incorporated in a 
network system within a company, it is conceivable that a third party 
obtains access via said fax or said modem to the network system. As a 
result, it might be possible also to extract information in the manner 
mentioned above from the network system, which is believed to be safe. 

The object of the present invention is to provide a method and 
a device for protecting data communication traffic in order to prevent 
third parties being able to make unnoticed use of functionality present 
in a communication station. 

According to the invention, the object is achieved by means of 
a method of the type defined in the introduction, characterized by the 
steps of the comparison of the data protocol with at least one 
standardized protocol and the forwarding only of data of which the data 
protocol complies with the at least one standardized protocol to the 
first communication station. 

Repetitions of commands, or certain combinations of commands, 
which each belong per se to the standardized protocol but do not lead to 
normal, effective data communication traffic, are deemed not to belong to 
the standardized protocol. Specifically, it is possible that such 
repetitions or combinations of commands are used to switch on certain RDS 
functionality. 

Before a fax machine, for example, can proceed to the reception 
and/or transmission of documents, the appliances at both ends of the 
communication link have to inform one another about the status they are 
in. After this so-called "handshake" procedure, the information exchange 
is mutually adapted. Both appliances are now ready and will carry out the 
desired task. This procedure and the information exchange proceeds 
according to internationally specified standards, also referred to as 
protocols, which are specified in part in the so-called ISO, ETSI and 
ANSI standards or in the ITU regulations. Before, during or after the 
"handshake" procedure, a check can take place on the presence of certain 
RDS functionality. To use RDS functionality, a manufacturer will use 
protocols which are not (entirely) incorporated in the standards. This 
means that the use of a so-called exotic protocol can indicate the use of 
RDS functionality. It indicates in any case that the other party is not 
adhering to the standard protocols. The negation of the standard 
indicates that the link made is being used in a manner other than that 
which the user intended. 

As a result of using the method according to the invention, an 
attempt of a third party to switch on (concealed) RDS functionality from 
the outside will be unsuccessful, as a result of which the probability 
that information can leak out via the communication equipment used 
becomes substantially smaller. 

Because, according to the invention, the data protocol is 
compared with standardized protocols, the method according to the 
invention can be used worldwide. 

In an embodiment of the method according to the invention, the 
user of a communication station is warned if it emerges during the 
comparison of the data protocol that the latter does not belong to a 
known standardized protocol. As a result, the user is warned of an 
attempt of a third party to manipulate his communication station, 
whereupon the user can take direct action. 

In a further embodiment of the method according to the 
invention, the link is interrupted if it emerges during the comparison of 
the data protocol that the latter does not belong to a standardized 
protocol. This has the result that any attempt to manipulate the 
communication station by a third party will be unsuccessful. 

In a preferred embodiment of the method according to the 
invention, after ascertaining that the data protocol does not belong to a 
certain standardized protocol, a data file containing data of the data 
communication traffic and the second communication station is prepared. 
As a result of recording said data, the user is enabled to obtain as 
complete a picture as possible of the user of the second communication 
station, after which appropriate measures can be taken. 

Another aspect of the invention provides a device suitable for 
carrying out the method according to the invention. For this purpose, the 
device is provided with memory means for storing data characteristics of 
a standardized protocol and comparison/forwarding means for the 
comparison of the stored data characteristics with the data protocol and 
the forwarding only of data of which the data protocol complies with the 
at least one standardized protocol to the first communication station. 

With the device according to the invention, it is possible to 
use the abovementioned method in a data communication environment. An 
advantage of the device according to the invention is that the user can 
determine himself, regardless of the brand and type of appliance, whether 
RDS functionality is permitted. Because the device can be used separately 
from the local communication station, there is no need to pay attention 
20 to any RDS functionality present when purchasing the local communication 
station. 

As a result of the small number of components required, it is 
possible to manufacture the device in a compact, lightweight and robust 
form and to adapt it to the situation in which it is used. Furthermore, 
the operation and the connection of the device are simple.

Preferably, the memory means are designed as a ROM memory. As a 
result, it is impossible for the contents of the memory means to be 
manipulated during use, but it is still simple to adapt the device to the
latest standardized protocols by replacing the ROM memory.

In an embodiment of the device, the device furthermore
comprises warning means. If data is detected of which the data protocol
does not comply with the at least one standardized protocol, the user is
warned, for example by visual and/or audible warning means. As a result,
the user will always be warned if an attempt is made to manipulate the
first communication station, even if an attempt is made in these
circumstances to switch off indications of the first communication 
station. 

A further embodiment of the device according to the invention 
comprises display means linked to the comparison/forwarding means, the
CLAIMS

1. Method for protecting data communication traffic between a
first communication station (11) and a second communication station (12),
in which the data is dispatched according to a data protocol from the
second to the first communication station, characterized by the following
steps:

(i) the comparison of the data protocol with at least one
standardized protocol;

(ii) the forwarding only of data of which the data protocol
complies with the at least one standardized protocol to the first
communication station (11).

2. Method according to Claim 1, characterized in that, after it
has emerged during the comparison of the data protocol that the latter
does not comply with the at least one standardized protocol, a warning is
generated.

3. Method according to Claim 1 or 2, characterized in that, after
it has emerged during the comparison of the data protocol that the latter
does not comply with the at least one standardized protocol, the data
communication traffic is interrupted.

4. Method according to one of the preceding claims, characterized
in that, after it has emerged during the comparison of the data protocol
that the latter does not comply with the at least one standardized 
protocol, a data file containing data of the data communication traffic 
and the second communication station (12) is stored. 

5. Device for protecting data communication traffic between a
first communication station (11) and a second communication station (12),
data being dispatched according to a data protocol from the second to the
first communication station, characterized in that the device (10)
comprises:

- memory means (14) in which data characteristics of at least
one standardized protocol are stored;

- comparison/forwarding means (15) for the comparison of the
stored data characteristics with the data protocol and the forwarding
only of data of which the data protocol complies with the at least one
standardized protocol to the first communication station (11).

6. Device according to Claim 5, characterized in that the device
furthermore comprises warning means (16) linked to the
comparison/forwarding means (15) which give a warning after it has
emerged during the comparison of the data protocol that it does not
belong to the at least one standardised protocol.

7. Device according to Claim 5 or 6, characterized in that the
device furthermore comprises display means (17) linked to the
comparison/forwarding means (15), the display means (17) displaying data
relating to the data communication traffic and the second communication
station (12), which data are stored after it has emerged during the
comparison of the data protocol that the latter does not comply with the
at least one standardized protocol.

8. Device according to Claim 7, characterized in that the device
furthermore comprises input means (18) linked to the
comparison/forwarding means (15) for inputting commands relating to the
display of the data.

9. Device according to Claim 5 or 6, characterized in that the
device comprises interface means for exchanging data relating to the data
communication traffic and the second communication station (12) with an
external processing device, which data are stored after it has emerged
during the comparison of the data protocol that the latter does not
comply with the at least one standardized protocol.

10. Device according to one of Claims 5 to 9, characterized in that
the device (10) is integrated in the first communication station (11).
Method and device for protecting data communication

The invention relates to a method and a device for protecting 
data communication traffic between a first communication station and a
second communication station, in which the data is dispatched according
to a data protocol from the second to the first communication station. In
particular, data communication links are protected which can be seized by
third parties by means of public and/or private data and
telecommunication infrastructure.

Appliances are found to an increasing extent on the market
which are provided with an option which makes it possible to provide
so-called remote service. This involves, in particular, installed fax
equipment, network fax equipment, telephone modems, cable modems,
combined fax/modem configurations, telephone sets, answering machines,
telephone exchanges, copying machines, washing machines and other
domestic, industrial appliances and operating appliances which can
communicate with one another via the said infrastructures. This relates
to appliances which are installed separately and also in combination with
other equipment. This remote service, also known as "remote diagnostics"
or "remote maintenance" has been developed in order to be able to deliver
a flexible and cheap method of support to the (end) users of the
equipment.

Remote service, furthermore referred to as RDS ("Remote 
Diagnostics") makes it possible to subject the respective appliance to an 
analysis via the said infrastructure from the location of the supplier or 
another service point. In a number of cases, it is even possible for the
service engineer to be able to carry out small repairs remotely. If it 
emerges that repair has nevertheless to be carried out at the location of 
the appliance, the respective maintenance engineer or technician can be 
sent out with the correct components. Specifically, it is already known 
via RDS what is wrong with the appliance and what measures have to be
taken to remedy the fault. 

The functionality of RDS may comprise many advanced options:

- The reading-out of the various counter positions; when a
  service is necessary can be determined by interpreting the
  counter positions.

- The switching-on and switching-off of the visual and audible
  signals, for example, in the case of a fax machine; as a result
  it is possible to analyse the appliance remotely without
  disturbing the immediate environment.

- The reading-out of a fax/telephone number list; in the event of
  an alteration of (service) telephone numbers, these can be
  altered remotely.

- The reading-out of a fax log; the log usually contains the
  error codes of the last fax messages sent and these can be used
  by the technical support for the purpose of analysing the
  appliance.

- The manipulation of the fax memory; this is intended to offer a
  final possibility for erasing the memory if this is not
  possible by means of the prescribed manner.

- The alteration of the configuration settings; as a service, the
  appliance can be configured remotely in accordance with the
  wishes of the client.

- The adding of connecting-through numbers; the service centre
  can then examine any damaged faxes itself and infer therefrom
  what the possible cause of the fault is.

Although the functionality mentioned is concentrated on fax machines, a
comparable functionality may be present in the other equipment mentioned
above. The RDS functionality can, in principle, comprise all the
functionality which relates to operations concerning the memories (RAM,
ROM, EEPROM) present in the appliance.

Many manufacturers of data communication devices make use of 
so-called custom chip sets (standard integrated circuits produced in 
large numbers) or accommodate hardware produced in large numbers and 
delivered to many manufacturers in a separate housing. The specifications 
of the manufacturer will, in many cases, describe only the functions 
desired by the manufacturer. It is therefore possible that (RDS) 
functionality is present in custom chip sets or hardware which is not 
made known to the end user. 

In the modern information society, knowledge is power. 
Information is, of course, well protected by means of physical and 
organizational protection measures of all kinds. Documents may, for 
example, be seen only by a select group of individuals, after which they 
are securely stored in the safe. For the purpose of rapid decision-making 
and refreshing the information situation, consultation will often be made 
by telephone, in which case use is frequently made of the fax machine to 
transmit the documents to be discussed to one another. It is here that 
there is a weak point in the entire security chain. Essentially, the 
respective documents are made available to third parties, the intention 
being precisely to avoid that. Said third parties, who possibly have
direct business interests or operate in the world of information 
brokerage, may acquire possession of valuable information. This may take 
place even without the owner of the sensitive information even having any 
indication until it is too late. The industrial spy therefore appears to 
be very near at hand and works, it is to be noted, together with the 
individual who has protected his own information with every means. 

A fax machine has, for example, RDS functionality, whether this 
is known to the end user or not, and can thereby be manipulated by a 
third party. Said third party can ensure, for example, that the 
respective fax machine responds to certain fax numbers and/or fax 
identification numbers. During the transmission and/or reception of faxes 
from/to these fax numbers, the fax machine will transmit, for example, an 
additional copy to the fax number specified by said third party. The user 
of the fax machine does not, however, notice anything in this case 
because the visual and audible signals can be switched off, the so-called 
fax through-connection number does not have to figure in the list of fax 
through-connection numbers and even the fax log does not have to report 
this operation. If necessary, a copy of the fax involved is transmitted 
only during the night hours when no-one is present in the company. 

In the case of a network fax or a modem fax incorporated in a 
network system within a company, it is conceivable that a third party 
obtains access via said fax or said modem to the network system. As a 
result, it might be possible also to extract information in the manner 
mentioned above from the network system, which is believed to be safe. 

The object of the present invention is to provide a method and 
a device for protecting data communication traffic in order to prevent 
third parties being able to make unnoticed use of functionality present 
in a communication station. 

According to the invention, the object is achieved by means of 
a method of the type defined in the introduction, characterized by the 
steps of the comparison of the data protocol with at least one 
standardized protocol and the forwarding only of data of which the data 
protocol complies with the at least one standardized protocol to the 
first communication station. 

Repetitions of commands, or certain combinations of commands, 
which each belong per se to the standardized protocol but do not lead to 
normal, effective data communication traffic, are deemed not to belong to 
the standardized protocol. Specifically, it is possible that such 
repetitions or combinations of commands are used to switch on certain RDS
functionality.

Before a fax machine, for example, can proceed to the reception
and/or transmission of documents, the appliances at both ends of the 
communication link have to inform one another about the status they are 
in. After this so-called "handshake" procedure, the information exchange 
is mutually adapted. Both appliances are now ready and will carry out the 
desired task. This procedure and the information exchange proceeds 
according to internationally specified standards, also referred to as 
protocols, which are specified in part in the so-called ISO, ETSI and 
ANSI standards or in the ITU regulations. Before, during or after the 
"handshake" procedure, a check can take place on the presence of certain 
RDS functionality. To use RDS functionality, a manufacturer will use 
protocols which are not (entirely) incorporated in the standards. This 
means that the use of a so-called exotic protocol can indicate the use of 
RDS functionality. It indicates in any case that the other party is not 
adhering to the standard protocols. The negation of the standard 
indicates that the link made is being used in a manner other than that 
which the user intended. 

As a result of using the method according to the invention, an 
attempt of a third party to switch on (concealed) RDS functionality from 
the outside will be unsuccessful, as a result of which the probability 
that information can leak out via the communication equipment used 
becomes substantially smaller. 

Because, according to the invention, the data protocol is 
compared with standardized protocols, the method according to the 
invention can be used worldwide. 

In an embodiment of the method according to the invention, the 
user of a communication station is warned if it emerges during the 
comparison of the data protocol that the latter does not belong to a 
known standardized protocol. As a result, the user is warned of an 
attempt of a third party to manipulate his communication station, 
whereupon the user can take direct action. 

In a further embodiment of the method according to the 
invention, the link is interrupted if it emerges during the comparison of 
the data protocol that the latter does not belong to a standardized 
protocol. This has the result that any attempt to manipulate the 
communication station by a third party will be unsuccessful. 

In a preferred embodiment of the method according to the 
invention, after ascertaining that the data protocol does not belong to a
certain standardized protocol, a data file containing data of the data 
communication traffic and the second communication station is prepared. 
As a result of recording said data, the user is enabled to obtain as 
complete a picture as possible of the user of the second communication 
station, after which appropriate measures can be taken. 

Another aspect of the invention provides a device suitable for 
carrying out the method according to the invention. For this purpose, the 
device is provided with memory means for storing data characteristics of 
a standardized protocol and comparison/forwarding means for the
comparison of the stored data characteristics with the data protocol and 
the forwarding only of data of which the data protocol complies with the 
at least one standardized protocol to the first communication station. 

With the device according to the invention, it is possible to 
use the abovementioned method in a data communication environment. An 
advantage of the device according to the invention is that the user can 
determine himself, regardless of the brand and type of appliance, whether 
RDS functionality is permitted. Because the device can be used separately 
from the local communication station, there is no need to pay attention 
to any RDS functionality present when purchasing the local communication 
station.

As a result of the small number of components required, it is 
possible to manufacture the device in a compact, lightweight and robust 
form and to adapt it to the situation in which it is used. Furthermore, 
the operation and the connection of the device are simple. 

Preferably, the memory means are designed as a ROM memory. As a 
result, it is impossible for the contents of the memory means to be 
manipulated during use, but it is still simple to adapt the device to the 
latest standardized protocols by replacing the ROM memory. 

In an embodiment of the device, the device furthermore 
comprises warning means. If data is detected of which the data protocol 
does not comply with the at least one standardized protocol, the user is 
warned, for example by visual and/or audible warning means. As a result, 
the user will always be warned if an attempt is made to manipulate the 
first communication station, even if an attempt is made in these 
circumstances to switch off indications of the first communication 
station. 

A further embodiment of the device according to the invention 
comprises display means linked to the comparison/forwarding means, the
display means displaying data relating to the data communication traffic
and the second communication station which are stored after it has 
emerged during the comparison of the data protocol that the latter does 
not comply with the at least one standardized protocol. This can be 
implemented, for example, as a display screen on the device itself. 

As an addition, the device can be provided, in a further 
embodiment, with input means linked to the comparison/forwarding means
for inputting commands relating to the display of the data. 

An alternative embodiment of the invention is to provide it 
with interface means instead of the display means and/or the input means. 
Said interface means ensure the exchange of data relating to the data 
communication traffic and the second communication station with an 
external processing device, which data are stored after it has emerged 
during the comparison of the data protocol that the latter does not 
comply with the at least one standardized protocol. Said processing 
device may be, for example, a computer with which the data are processed 
further and can be displayed. 

By means of the display of said data, the user is enabled to 
obtain as complete a picture as possible of the attempt to manipulate the 
local communication station, after which appropriate measures can be 
taken. 

According to an embodiment of the invention, the device can be 
integrated with the local communication station. 

The method and the device according to the invention will now 
be explained further by reference to the drawings. 

Figure 1 shows a diagram of an embodiment according to the 
invention; and 

Figure 2 shows a flow chart of the method according to the
invention.

Figure 1 shows a diagram of a preferred embodiment according to 
the invention in which the device 10 for protecting data communication 
traffic is linked to a first communication station 11 and a second 
communication station 12. The device 10 comprises comparison/forwarding
means 15 which can communicate during operation both with the first
communication station 11 and the second communication station 12. The
device 10 furthermore comprises memory means 14 linked to the
comparison/forwarding means 15. In the preferred embodiment of the
invention shown, the device 10 furthermore comprises warning means 16,
display means 17 and input means 18, all linked to the
comparison/forwarding means 15. The communication stations 11 and 12 may
be, for example, fax or copying machines provided with an RDS 
functionality. 

In the memory means 14, the characteristics of the data 
communication are stored according to at least one standardized protocol.
The comparison/forwarding means 15 serve to compare the data protocol of
data which the second communication station wishes to dispatch to the
first communication station 11 and to forward only data of which the data
protocol complies with the at least one standardized protocol to the
local communication station 11.

In the preferred embodiment shown, the device 10 also comprises 
warning means 16, which give a warning after it has emerged during the 
comparison of the data protocol that the latter does not comply with the 
at least one standardized protocol. The figure indicates that the warning
means 16 are implemented as a warning lamp. However, it is possible to
use other visual or audible warning means for this purpose. 

In the preferred embodiment of the invention shown, the device 
10 also comprises display means 17 for displaying data relating to the 
data communication traffic and the second communication station 12 which
have been stored after it has emerged during the comparison of the data
protocol that the latter does not comply with the at least one 
standardized protocol. Furthermore, the device comprises input means 18 
for inputting commands relating to the display of the data. It is 
possible, for example, to input commands to display only a certain
portion of the data on the display means.

In an embodiment of the invention not shown, the device 10 
comprises, instead of the display means 17 and input means 18, interface 
means which can be linked to an external processing device. This 
processing device may be, for example, a computer with which the data can
be processed further, stored and displayed.

Figure 2 shows the flow chart of the method according to the 
invention. The method begins with the reception of data from the second 
communication station 12 in block 1. In decision block 2, the data 
protocol of the data received in block 1 is compared with the
standardized protocol. If the data protocol complies with the at least
one standardized protocol, the data is forwarded to the first
communication station 11 in forwarding block 3. The method then returns
to block 1 to check the further data received. 

If the data protocol does not comply with the at least one 
standardized protocol, the method continues the procedure in warning
block 4, in which the user is warned. The following step in the procedure
comprises the interrupt block 6, in which the link to the second
communication station is interrupted. In a preferred embodiment of the
method according to the invention, in block 5, a data file is stored in
which data of the data communication traffic and the second communication
station are stored in parallel with warning block 4 and interrupt block
6.
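
The Figure 2 flow as a small Python model, added here as an illustration and not taken from the patent. The command names, the state table and the repeat limit are constructed assumptions standing in for the stored characteristics of a standardized protocol; the model also covers the repetition and combination rule stated earlier in the description.

```python
from dataclasses import dataclass, field
from types import MappingProxyType

# Constructed stand-in for the "data characteristics of a standardized
# protocol" (memory means 14). State -> {allowed command: next state}.
# Command names are hypothetical, not taken from any real fax standard.
# MappingProxyType makes the table read-only, mirroring the ROM embodiment.
STANDARD_PROTOCOL = MappingProxyType({
    "IDLE": MappingProxyType({"HELLO": "HANDSHAKE"}),
    "HANDSHAKE": MappingProxyType({"CAPS": "HANDSHAKE", "CONFIRM": "READY"}),
    "READY": MappingProxyType({"PAGE": "READY", "END": "IDLE"}),
})
# Assumed bound: a command that is valid per se but repeated more often than
# normal traffic needs is treated as non-compliant.
REPEAT_LIMITS = MappingProxyType({"CAPS": 3})


@dataclass(frozen=True)
class Frame:
    sender: str      # identity of the second communication station (12)
    command: str
    payload: bytes = b""


@dataclass
class ProtocolGuard:
    """Model of device 10 placed in front of the first station (11)."""
    state: str = "IDLE"
    link_up: bool = True
    forwarded: list = field(default_factory=list)   # data passed to station 11
    warnings: list = field(default_factory=list)    # warning means 16
    incidents: list = field(default_factory=list)   # stored data file
    _last: str = ""
    _repeats: int = 0

    def _compare(self, frame):
        """Block 2: return None if compliant, else the reason for rejection."""
        allowed = STANDARD_PROTOCOL[self.state]
        if frame.command not in allowed:
            return f"{frame.command!r} is not allowed in state {self.state}"
        self._repeats = self._repeats + 1 if frame.command == self._last else 1
        self._last = frame.command
        limit = REPEAT_LIMITS.get(frame.command)
        if limit is not None and self._repeats > limit:
            return f"{frame.command!r} repeated {self._repeats} times (limit {limit})"
        self.state = allowed[frame.command]
        return None

    def receive(self, frame):
        """Block 1: accept one frame from station 12; True if it was forwarded."""
        if not self.link_up:
            return False                      # link already interrupted
        reason = self._compare(frame)
        if reason is None:
            self.forwarded.append(frame)      # block 3: forward to station 11
            return True
        self.warnings.append(reason)          # block 4: warn the user
        self.incidents.append({               # block 5: record traffic and sender
            "sender": frame.sender, "command": frame.command,
            "state": self.state, "payload_len": len(frame.payload),
            "reason": reason,
        })
        self.link_up = False                  # block 6: interrupt the link
        return False


def run_session(commands, sender="+00-constructed-caller"):
    """Feed a list of command names through a fresh guard and return it."""
    guard = ProtocolGuard()
    for command in commands:
        guard.receive(Frame(sender, command))
    return guard


# Constructed sample sessions.
NORMAL = ["HELLO", "CAPS", "CONFIRM", "PAGE", "PAGE", "END"]
EXOTIC = ["HELLO", "CAPS", "CONFIRM", "X-VENDOR-DIAG", "PAGE"]
REPEATED = ["HELLO", "CAPS", "CAPS", "CAPS", "CAPS", "CONFIRM"]
OUT_OF_ORDER = ["PAGE"]

if __name__ == "__main__":
    for name, session in [("normal", NORMAL), ("exotic", EXOTIC),
                          ("repeated", REPEATED), ("out of order", OUT_OF_ORDER)]:
        g = run_session(session)
        print(name, len(g.forwarded), g.link_up, g.warnings)
```

Because the comparison is stateful, a command that is valid in one phase is still rejected when it arrives out of sequence, and nothing sent after the interruption reaches the first station.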

Using the method and device shown in the figures for protecting
data communication traffic, an attempt of a third party to switch on
(concealed) functionality from the outside will be unsuccessful, as a 
result of which the probability that information can leak out via the 
communication equipment used becomes appreciably smaller. 

As a result of warning the user and recording data relating to
the data communication traffic and the second communication station 12,
the user is enabled to obtain as complete a picture as possible of the 
user of the second communication station, after which appropriate 
measures can be taken. 

An advantage of the device described is that the user can
determine himself, regardless of the brand and type of appliance, whether
RDS functionality is permitted. Because the device can be used separately 
from the first communication station, there is no need to pay attention 
to any RDS functionality present when purchasing the first communication 
station. Of course, the device 10 can also be physically incorporated in
the first communication station 11. In that case, the
comparison/forwarding means 15 can form an integral component of a
processor present in the first communication station 11. 

As a result of the comparison of the data protocol of the 
received data with standardized protocols, the method according to the
invention can be used worldwide.

As a result of the small number of components required, it is 
possible to manufacture the device in a compact, lightweight and robust 
form and to adapt it to the situation in which it is used. Furthermore, 
the operation and the connection of the device are simple. 

If the memory means are designed as a ROM memory, it is
impossible for the contents of the memory means 14 to be manipulated
during use, but it is still simple to adapt the device to the latest 
standardized protocols by means of replacing the ROM memory. 

Although the device has been described for the protection of 
data communication traffic between two communication stations, it is, of
course, also possible to protect the data communication traffic between
a plurality of communication stations, such as, for example, in a network
environment. 
CLAIMS

1. Method for protecting data communication traffic between a
first communication station (11) and a second communication station (12), 
in which the data is dispatched according to a data protocol from the 
second to the first communication station, characterized by the following 
steps: 

(i) the comparison of the data protocol with at least one 
standardized protocol; 

(ii) the forwarding only of data of which the data protocol 
complies with the at least one standardized protocol to the first 
communication station (11). 

2. Method according to Claim 1, characterized in that, after it 
has emerged during the comparison of the data protocol that the latter 
does not comply with the at least one standardized protocol, a warning is 
generated.

3. Method according to Claim 1 or 2, characterized in that, after
it has emerged during the comparison of the data protocol that the latter 
does not comply with the at least one standardized protocol, the data 
communication traffic is interrupted. 

4. Method according to one of the preceding claims, characterized 
in that, after it has emerged during the comparison of the data protocol 
that the latter does not comply with the at least one standardized 
protocol, a data file containing data of the data communication traffic 
and the second communication station (12) is stored. 

5. Device for protecting data communication traffic between a 
first communication station (11) and a second communication station (12), 
data being dispatched according to a data protocol from the second to the 
first communication station, characterized in that the device (10) 
comprises:

- memory means (14) in which data characteristics of at least
one standardized protocol are stored;

- comparison/forwarding means (15) for the comparison of the
stored data characteristics with the data protocol and the forwarding 
only of data of which the data protocol complies with the at least one 
standardized protocol to the first communication station (11). 

6. Device according to Claim 5, characterized in that the device 
furthermore comprises warning means (16) linked to the
comparison/forwarding means (15) which give a warning after it has
emerged during the comparison of the data protocol that it does not
belong to the at least one standardized protocol.

7. Device according to Claim 5 or 6, characterized in that the 
device furthermore comprises display means (17) linked to the 
comparison/forwarding means (15), the display means (17) displaying data
relating to the data communication traffic and the second communication 
station (12), which data are stored after it has emerged during the 
comparison of the data protocol that the latter does not comply with the 
at least one standardized protocol. 

8. Device according to Claim 7, characterized in that the device
furthermore comprises input means (18) linked to the
comparison/forwarding means (15) for inputting commands relating to the
display of the data. 

9. Device according to Claim 5 or 6, characterized in that the
device comprises interface means for exchanging data relating to the data
communication traffic and the second communication station (12) with an 
external processing device, which data are stored after it has emerged 
during the comparison of the data protocol that the latter does not 
comply with the at least one standardized protocol. 

10. Device according to one of Claims 5 to 9, characterized in that
the device (10) is integrated in the first communication station (11).